A few months ago, we shared a vision for container networking for Cloud Foundry. Today, we are excited to introduce you to netman-release – the new, pluggable container networking stack for Cloud Foundry.
As stated in the vision, the main problems that the container networking effort aims to solve are:
Security policies within Cloud Foundry are provided through Application Security Groups (ASGs), which require an application restart to apply a policy. Simple, CIDR-based rules are too broad to indicate application intent.
All communication between containers must go through the Gorouter. This exposes internal applications, because they must either have a public route or rely on ASGs configured to allow all internal communication.